1.Which connector on FortiAnalyzer is responsible for looking up indicators to get 
threat intelligence? 

A. The FortiGuard connector 

B. The FortiOS connector 

C. The FortiClient EMS connector 
D. The local connector 

Answer: A 


2.In the context of SOC operations, mapping adversary behaviors to MITRE ATT&CK 
techniques primarily helps in: 

A. Speeding up system recovery 
B. Predicting future attacks 


C. Understanding the attack lifecycle 
D. Facilitating regulatory compliance 
Answer: C 


3.You are managing 10 FortiAnalyzer devices in a FortiAnalyzer Fabric. In this 
scenario, what is a benefit of configuring a Fabric group? 

A. You can apply separate data storage policies per group. 

B. You can aggregate and compress logging data for the devices in the group. 
C. You can filter log search results based on the group. 

D. You can configure separate logging rates per group. 

Answer: C 

4.In managing events and incidents, which factors should a SOC analyst focus on to 
improve response times? 

(Choose three.) 

A. Speed of alert generation 

B. Accuracy of event correlation 

C. Time spent in meetings 

D. Clarity of communication channels 

E. Efficiency of data entry processes 

Answer: ABD 


5.When designing a FortiAnalyzer Fabric deployment, what is a critical consideration 
for ensuring high availability? 

A. Configuring single sign-on 

B. Designing redundant network paths 

C. Regular firmware updates 


D. Implementing a minimalistic user interface 
Answer: B 


6.What should be prioritized when analyzing threat hunting information feeds? 
(Choose Two) 

A. Accuracy of the information 

B. Frequency of advertisement insertion 

C. Relevance to current security landscape 

D. Entertainment value of the content 

Answer: AC 


7.Why is it crucial to configure playbook triggers based on accurate threat 
intelligence? 
A. To ensure SOC parties are well-attended 
B. To prevent the triggering of irrelevant or false positive actions 
C. To increase the number of digital advertisements 

D. To facilitate easier management of office supplies 

Answer: B 
8.Which two assets are available with the outbreak alert licensed feature on 
FortiAnalyzer? 
(Choose two.) 

A. Custom event handlers from FortiGuard 
B. Outbreak-specific custom playbooks 

C. Custom connectors from FortiGuard 

D. Custom outbreak reports 

Answer: AD 
9.Which trigger type requires manual input to run a playbook? 
A. INCIDENT_TRIGGER 
B. ON_DEMAND 
C. EVENT_TRIGGER 
D. ON_SCHEDULE 


Answer: B 


10.When configuring playbook triggers, what factor is essential to optimize the 
efficiency of automated responses? 
A. The color scheme of the playbook interface 


B. The timing and conditions under which the playbook is triggered 
C. The number of pages in the playbook 

D. The geographical location of the SOC 

Answer: B 


11.Refer to the exhibits. 

Exhibit 1 (playbook job): 

Job ID | Playbook | Trigger | Start Time | End Time | Status | Details 

Exhibit 2 (Playbook Tasks): 

Task ID                              | Task                | Start Time               | End Time                 | Status  | Raw Log 
faz_attach_action_status_to_incident | Attach Status       | 2024-03-28 06:25:08-0700 | 2024-03-28 06:25:09-0700 | failed  | (see below) 
ems_quarantine_endpoint              | Quarantine Endpoint | 2024-03-28 06:25:05-0700 | 2024-03-28 06:25:08-0700 | success | Unavailable 

Exhibit 3 (raw log of the failed task): 

[2024-03-28T06:25:09.302-0700] {taskinstance.py:1937} ERROR - Task failed with exception 
Traceback (most recent call last): 
  File "/drive0/private/airflow/plugins/incident_operator.py", line 695, in execute 
    self.add_attachment(context) 
  File "/drive0/private/airflow/plugins/incident_operator.py", line 676, in add_attachment 
    resp = super().execute_action(context, json_request) 
  File "/drive0/private/airflow/plugins/incident_operator.py", line 55, in execute_action 
    resp = super().execute_action(context, self.adom_oid, json_req) 
  File "/drive0/private/airflow/plugins/faz_api_operator.py", line 146, in execute_action 
    raise AirflowException(resp['error']['message']) 
airflow.exceptions.AirflowException: Invalid params: Invalid incident ID: IN00000001. 
[2024-03-28T06:25:09.394-0700] {standard_task_runner.py:104} ERROR - Failed to execute job 3156 for task faz_attach_action_status_to_incident (Invalid params: Invalid incident ID: IN00000001.; 10526) 

The Quarantine Endpoint by EMS playbook execution failed. 

What can you conclude from reviewing the playbook tasks and raw logs? 

A. The playbook executed in an ADOM where the incident does not exist. 

B. The admin user does not have the necessary rights to update incidents. 

C. The local connector is incorrectly configured, which is causing JSON API errors. 
D. The endpoint is quarantined, but the action status is not attached to the incident. 
Answer: D 
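The reasoning behind the answer is mechanical: read each task's status, then read the exception text of the task that failed. The script below is an added example (not part of the exam material and not Fortinet code) that automates exactly that triage over the two exhibit tables and the Airflow raw log. The task rows and log text are constructed in-line from the exhibit above; the verdict strings and the task IDs it keys on (ems_quarantine_endpoint, faz_attach_action_status_to_incident) are assumptions taken from this one playbook, so adapt them for other playbooks.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input, transcribed from the exhibit above (not captured from a live system).
PLAYBOOK_TASKS = [
    {"task_id": "ems_quarantine_endpoint", "task": "Quarantine Endpoint", "status": "success"},
    {"task_id": "faz_attach_action_status_to_incident", "task": "Attach Status", "status": "failed"},
]

RAW_LOG = """\
[2024-03-28T06:25:09.302-0700] {taskinstance.py:1937} ERROR - Task failed with exception
Traceback (most recent call last):
  File "/drive0/private/airflow/plugins/incident_operator.py", line 695, in execute
    self.add_attachment(context)
  File "/drive0/private/airflow/plugins/faz_api_operator.py", line 146, in execute_action
    raise AirflowException(resp['error']['message'])
airflow.exceptions.AirflowException: Invalid params: Invalid incident ID: IN00000001.
[2024-03-28T06:25:09.394-0700] {standard_task_runner.py:104} ERROR - Failed to execute job 3156 for task faz_attach_action_status_to_incident (Invalid params: Invalid incident ID: IN00000001.; 10526)
"""

# The exception line Airflow writes after the traceback, the job/task summary line, and the
# incident reference inside the FortiAnalyzer API error message.
EXCEPTION_RE = re.compile(r"^airflow\.exceptions\.AirflowException: (?P<msg>.+?)\s*$", re.MULTILINE)
JOB_RE = re.compile(r"Failed to execute job (?P<job>\d+) for task (?P<task>\S+)")
INCIDENT_RE = re.compile(r"Invalid incident ID: (?P<incident>IN\d+)")


@dataclass
class Diagnosis:
    failed_task: Optional[str]
    job_id: Optional[str]
    error_message: Optional[str]
    incident_id: Optional[str]
    verdict: str


def parse_airflow_error(raw_log: str) -> dict:
    """Pull the exception text, job id, task name and any rejected incident ID out of a task log."""
    out = {"error_message": None, "job_id": None, "task": None, "incident_id": None}
    if m := EXCEPTION_RE.search(raw_log):
        out["error_message"] = m.group("msg")
    if m := JOB_RE.search(raw_log):
        out["job_id"], out["task"] = m.group("job"), m.group("task")
    if m := INCIDENT_RE.search(raw_log):
        out["incident_id"] = m.group("incident")
    return out


def diagnose(tasks, raw_log: str) -> Diagnosis:
    """Combine task statuses with the raw log to say what actually happened to the endpoint."""
    by_status = {}
    for t in tasks:
        by_status.setdefault(t["status"], []).append(t["task_id"])
    succeeded = set(by_status.get("success", []))
    failed = by_status.get("failed", [])
    failed_task = failed[0] if failed else None
    info = parse_airflow_error(raw_log)

    if not failed:
        verdict = "all tasks succeeded"
    elif "ems_quarantine_endpoint" in succeeded and failed_task == "faz_attach_action_status_to_incident":
        # The containment action ran; only the bookkeeping step that records it on the incident failed.
        # The log says the incident ID was rejected, not why, so that is as far as the evidence goes.
        verdict = "endpoint quarantined, but action status not attached to incident"
    elif "ems_quarantine_endpoint" in failed:
        verdict = "endpoint not quarantined: containment action itself failed"
    else:
        verdict = f"task {failed_task} failed"
    return Diagnosis(failed_task, info["job_id"], info["error_message"], info["incident_id"], verdict)


if __name__ == "__main__":
    print(diagnose(PLAYBOOK_TASKS, RAW_LOG))
```

The point of separating the two checks is that a red "failed" job status alone does not tell you whether containment happened; the quarantine task's own status does, and the exception line tells you which follow-up step to repair (here, the incident reference passed to the Attach Status task).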


12.A key benefit of mapping adversary behaviors to MITRE ATT&CK tactics in SOC 
operations is: 

A. Decreasing the dependency on external consultants 

B. Enhancing preventive security measures 

C. Streamlining software development processes 

D. Improving public relations 


Answer: B 


13.In designing a stable FortiAnalyzer deployment, what factor is most critical? 
A. The physical location of the servers 

B. The version of the client software 

C. The scalability of storage and processing resources 

D. The color scheme of the user interface 

Answer: C 


14.In the context of SOC automation, how does effective management of connectors 
influence incident management? 
A. It decreases the effectiveness of communication channels 
B. It simplifies the process of handling incidents by automating data exchanges 
C. It increases the need for paper-based reporting 

D. It reduces the importance of cybersecurity training 
Answer: B 


15.How do effectively managed connectors impact the overall security posture of a 
SOC? 
A. By reducing the need for physical security measures 
B. By increasing the workload of SOC analysts 
C. By enhancing the integration of diverse security tools and platforms 
D. By complicating the incident response process 
Answer: C 


16.Which configuration would enhance the efficiency of a FortiAnalyzer deployment in 
terms of data throughput? 
A. Lowering the security settings 
B. Reducing the number of backup locations 
C. Increasing the number of collectors 
D. Decreasing the report generation frequency 
Answer: C 


17.How does regular monitoring of playbook performance benefit SOC operations? 
A. It enhances the social media presence of the SOC 

B. It ensures playbooks adapt to evolving threat landscapes 

C. It reduces the necessity for cybersecurity insurance 

D. It increases the workload on human resources 


Answer: B 


18.You are tasked with configuring automation to quarantine infected endpoints. 
Which two Fortinet SOC components can work together to fulfill this task? 
(Choose two.) 

A. FortiAnalyzer 

B. FortiClient EMS 

C. FortiMail 

D. FortiSandbox 

Answer: AB 


19.You are not able to view any incidents or events on FortiAnalyzer. 
What is the cause of this issue? 
A. FortiAnalyzer is operating in collector mode. 
B. FortiAnalyzer is operating as a Fabric supervisor. 
C. FortiAnalyzer must be in a Fabric ADOM. 
D. There are no open security incidents and events. 
Answer: A 


20.Which elements should be included in an effective SOC report? 
(Choose three.) 

A. Detailed analysis of every logged event 

B. Summary of incidents and their statuses 

C. Recommendations for improving security posture 

D. Marketing analysis for the quarter 

E. Action items for follow-up 

Answer: BCE 